araitz
Applications (7)
- Convert 2.2.x conf files to 3.x
Here's a script I wrote to convert 2.2 livesplunks.conf and savedsplunks.conf, cleaners.xml, and props.conf into 3.x savedsearches.conf, segmenters.conf, and props.conf. I hope to improve and add to it, so let me know if you have any ideas, or just go ahead and do it.
Area: Applications Activity: Updated Fri 14/Mar/2008

- Sonicwall Firewall
This bundle performs field extractions for sonicwall TZ 170 without the UTM/IDS modules
Area: Applications Activity: Updated Wed 19/Dec/2007

- Sancp/Sguil Add-on
This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.
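The decimal-to-dotted conversion that this add-on's processor performs, as an added Python example (not the add-on's own code). The pipe-delimited field layout is assumed from sancp's sguil output format, and the two sample records are constructed; check the layout against your own sancp.conf before relying on the field positions:

```python
"""Rewrite the decimal IPv4 addresses in sancp (sguil-format) records as dotted quads."""
import sys

# Assumed field layout of sancp's sguil output (pipe-delimited). Verify this
# against the output format configured in your sancp.conf.
FIELDS = [
    "sancp_id", "start_time", "end_time", "duration", "ip_proto",
    "src_ip", "src_port", "dst_ip", "dst_port",
    "src_pkts", "src_bytes", "dst_pkts", "dst_bytes",
    "src_flags", "dst_flags",
]
IP_FIELDS = ("src_ip", "dst_ip")


def decimal_to_dotted(value):
    """Turn an unsigned 32-bit decimal string such as '3232235777' into '192.168.1.1'.

    Anything outside 0..2**32-1 raises ValueError, so a malformed record is
    never silently turned into a plausible-looking address.
    """
    n = int(value, 10)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit IPv4 address: %r" % value)
    return "%d.%d.%d.%d" % ((n >> 24) & 0xFF, (n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF)


def convert_record(line):
    """Return the record with src_ip/dst_ip rewritten.

    Lines with the wrong field count, or whose IP fields are not decimal
    integers (for example a record that was already converted), are passed
    through unchanged rather than dropped, so nothing is lost on the way to the index.
    """
    line = line.rstrip("\n")
    parts = line.split("|")
    if len(parts) != len(FIELDS):
        return line
    rec = dict(zip(FIELDS, parts))
    try:
        for f in IP_FIELDS:
            rec[f] = decimal_to_dotted(rec[f])
    except ValueError:
        return line
    return "|".join(rec[f] for f in FIELDS)


def convert_stream(text):
    """Convert every non-blank line of a block of sancp output."""
    return [convert_record(l) for l in text.splitlines() if l.strip()]


# Constructed sample records: 192.168.1.1 -> 10.0.0.1:22 and 192.168.1.1 -> 8.8.8.8:53.
SAMPLE = """\
5245234112190001|1190000001|1190000003|2|6|3232235777|43210|167772161|22|5|420|4|300|2|18
5245234112190002|1190000010|1190000011|1|17|3232235777|53211|134744072|53|1|60|1|120|0|0
"""

if __name__ == "__main__":
    # Filter usage: sancp output on stdin, converted records on stdout.
    for out in convert_stream(sys.stdin.read()):
        print(out)
```

Run it as a filter (`cat sancp.log | python sancp_dotted.py`) or call `convert_stream()` from a Splunk scripted input; the range check in `decimal_to_dotted()` is what keeps a corrupted field from becoming a real-looking address.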
Area: Applications Activity: Updated Tue 18/Dec/2007

- Alex's sendemail.py
A modified version of sendemail.py which allows you to configure which fields are displayed in alert emails.
Area: Applications Activity: Updated Fri 16/Nov/2007

- Watchguard Firebox
Field Extractions for Watchguard Firebox
Area: Applications Activity: Updated Fri 12/Oct/2007

- Nmap Scripted Input & Field Extraction
Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data.
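The parsing half of what this add-on does, as an added Python example that is not the add-on's own code: it reads Nmap grepable (-oG) output and emits one key=value event per host status and per port, which is the shape a scripted input would print for Splunk to index and extract fields from. The scan output below is constructed, not a real scan:

```python
"""Parse Nmap grepable (-oG) output into one key=value event per port."""
import re
import sys

# "Host: <ip> (<hostname>)" followed by tab-separated "Key: value" sections.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")
# Each Ports entry is port/state/proto/owner/service/rpc/version/ .
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_sections(rest):
    """Split the tab-separated 'Key: value' blocks that follow the host address."""
    sections = {}
    for chunk in rest.split("\t"):
        key, sep, val = chunk.partition(": ")
        if sep:
            sections[key.strip()] = val.strip()
    return sections


def parse_ports(ports_field):
    """Turn 'Ports: 22/open/tcp//ssh//OpenSSH 4.3/, ...' into dicts; skip short entries."""
    out = []
    for entry in ports_field.split(", "):
        parts = entry.split("/")
        if len(parts) < len(PORT_FIELDS):
            continue
        out.append(dict(zip(PORT_FIELDS, parts[:len(PORT_FIELDS)])))
    return out


def parse_grepable(text):
    """Return a list of events: one per 'Status' line, one per port entry."""
    events = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # '# Nmap ...' comment lines and anything unexpected
        ip, hostname, rest = m.groups()
        sections = parse_sections(rest)
        if "Status" in sections:
            events.append({"host": ip, "hostname": hostname, "status": sections["Status"]})
        for p in parse_ports(sections.get("Ports", "")):
            ev = {"host": ip, "hostname": hostname}
            ev.update(p)
            events.append(ev)
    return events


def open_ports(events):
    """Only the port events Nmap saw as open."""
    return [e for e in events if e.get("state") == "open"]


def format_event(ev):
    """Render as key=value pairs; values with spaces are double-quoted so a
    simple (?<key>\\w+)=(?<val>"[^"]*"|\\S+) extraction recovers them."""
    parts = []
    for k in ("host", "hostname", "status", "port", "proto", "state", "service", "version"):
        v = ev.get(k, "")
        if v == "":
            continue
        if " " in v:
            parts.append('%s="%s"' % (k, v.replace('"', '\\"')))
        else:
            parts.append("%s=%s" % (k, v))
    return " ".join(parts)


# Constructed -oG output (sections are tab-separated in the real format).
SAMPLE = "\n".join([
    "# Nmap 4.20 scan initiated Fri Oct 12 10:00:00 2007 as: nmap -oG - -p 22,80,443 192.168.1.1-2",
    "Host: 192.168.1.1 (gw.example.net)\tStatus: Up",
    "Host: 192.168.1.1 (gw.example.net)\tPorts: 22/open/tcp//ssh//OpenSSH 4.3/, "
    "80/open/tcp//http//Apache httpd 2.2.3/, 443/closed/tcp//https///\tIgnored State: filtered (0)",
    "Host: 192.168.1.2 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///",
    "# Nmap done at Fri Oct 12 10:00:05 2007 -- 2 IP addresses (2 hosts up) scanned in 4.812 seconds",
])

if __name__ == "__main__":
    # Scripted-input usage: nmap -oG - <targets> | python nmap_grepable.py
    for ev in parse_grepable(sys.stdin.read()):
        print(format_event(ev))
```

Emitting one event per port (rather than one per host) is what makes `top service` or `state=open port=22` work without further splitting at search time.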
Area: Applications Activity: Updated Fri 28/Sep/2007

- getdevicetype
This search command will parse a csv file exported by network or systems device management software and match the hostnames/IP addresses in the file to host field values in your Splunk search, returning the new field devicetype for every match. The csv location is specified at the top of the script, and if you wish you can also alter the field matching to something other than "host" by changing the field variable in the script. The csv must be in the format "device_name,device_type". Thus, you can type:
login | getdevicetype | where devicetype="cisco6500" to get only logins on cisco6500 devices, or
login | getdevicetype to get devicetype to display as a field below each event and be filterable and clickable like host and hosttag, or
login | getdevicetype | top devicetype to get a report of the number of events by devicetype.
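The matching logic described above, as an added Python example rather than the command's own script. Splunk's search-command protocol (results in as CSV on stdin, results out as CSV on stdout) is kept in the `__main__` block; the functions work on plain dicts so they run outside Splunk. The device list and login events are constructed, and the field name to match on is a variable as the description says:

```python
"""Tag events with a devicetype field by matching a field (host by default)
against a device_name,device_type CSV, the way a getdevicetype-style command does."""
import csv
import io
import sys
from collections import Counter

FIELD = "host"  # change to match on something other than host


def load_device_map(csv_text):
    """Read 'device_name,device_type' rows into a dict keyed by lower-cased name.

    A header row, blank rows and rows with fewer than two columns are skipped,
    so a CSV straight from a management export loads without hand editing.
    """
    devmap = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 2:
            continue
        name, dtype = row[0].strip(), row[1].strip()
        if not name or name.lower() == "device_name":
            continue
        devmap[name.lower()] = dtype
    return devmap


def add_devicetype(events, devmap, field=FIELD):
    """Return a copy of each event with devicetype set when its match field is in
    the map; unmatched events pass through untouched (they are not dropped)."""
    out = []
    for ev in events:
        ev = dict(ev)
        key = ev.get(field, "").strip().lower()
        if key in devmap:
            ev["devicetype"] = devmap[key]
        out.append(ev)
    return out


def where_devicetype(events, value):
    """Equivalent of '| where devicetype="<value>"'."""
    return [ev for ev in events if ev.get("devicetype") == value]


def top_devicetype(events):
    """Equivalent of '| top devicetype': (devicetype, count) pairs, most common first."""
    return Counter(ev["devicetype"] for ev in events if "devicetype" in ev).most_common()


# Constructed device export and login events.
DEVICE_CSV = """\
device_name,device_type
core-sw1,cisco6500
core-sw2,cisco6500
10.1.1.5,cisco2960
vpn-fw,asa5510
"""

LOGIN_EVENTS = [
    {"host": "core-sw1", "user": "admin"},
    {"host": "CORE-SW2", "user": "neteng"},   # case differs from the CSV
    {"host": "10.1.1.5", "user": "admin"},    # matched by IP, not name
    {"host": "vpn-fw", "user": "admin"},
    {"host": "web01", "user": "root"},        # not in the CSV: no devicetype
]

if __name__ == "__main__":
    # Search-command usage: CSV results on stdin, same rows plus devicetype on stdout.
    reader = csv.DictReader(sys.stdin)
    rows = add_devicetype(list(reader), load_device_map(DEVICE_CSV))
    writer = csv.DictWriter(sys.stdout, fieldnames=(reader.fieldnames or []) + ["devicetype"],
                            extrasaction="ignore")
    writer.writeheader()
    writer.writerows(rows)
```

Matching is case-insensitive but otherwise exact, so "core-sw1.example.net" will not match "core-sw1"; normalise the host field (or the CSV) to one form before relying on the counts from `top devicetype`.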
Area: Applications Activity: Updated Tue 11/Sep/2007